rejetto forum

Automatic/Temporary Ban

Kremlin · 15 · 11920

0 Members and 2 Guests are viewing this topic.

Offline Kremlin

  • Tireless poster
  • ****
    • Posts: 137
    • View Profile
I feel something is missing in the BAN system as to, if someone tries to force login let's say +100 within a minute to the server, it might lag it and an automatic ban should be issued by HFS. The same apply's with download managers misconfiguration when someone doesn't specify what number of connections are allowed for each user/ip making some of then reproduce over +300 within a minute (i've experienced this) and again lagging the server a lot. One time someone used a more powerful download manager which even managed to crash the server. Temporary bans are something that in some cases might be better applied then in permanent bans for in the 'FlashGet' case the program itself will sometimes ignore the users configuration of the number of conections allowed and jump it to unlimited reproducing the problem above without the users fault.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
this is already in the to-do list

+ auto-ban IP if: bad login X times (with IP exclusion mask)


but i wonder if this will fit all needs, or we need it to be customizable with macros.


Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile
this is already in the to-do list

+ auto-ban IP if: bad login X times (with IP exclusion mask)


but i wonder if this will fit all needs, or we need it to be customizable with macros.
I'd favor the simple approach. It would be nice to have a error page section to let
the banned user know what happened. That could probably be done with macro though.


Offline AYEHAN

  • Occasional poster
  • *
    • Posts: 92
    • View Profile
if you ask me i want it a lil bit customised

like downloaders connection case or bad login case  HFS also send a DOS command too

arp -s IP-Add 00-00-00-00-00-00

it will work like a firewall and that user cant even ping you so he cant get to your HFS and when the ban remove arp -d  will remove firewall lock :)


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
i just found that you an auto-ban system could be made with a simple script.
but there were a feature missing: handling of pipes as a character. I solved this in a quite dirty way. I just hope it never bites my hand.
From next build (239) you should be able to use this event script, set to 50 as a limit.
Being it a script, you can heavily customize it, as to exclude some addresses, run external software, etc.

Code: [Select]
[+unauthorized]
{.set|n|{.from table|#tries|%ip%.}.}
{.inc|n.}
{.set table|#tries|%ip%={.^n.}.}
{.if|{.{.^n.} > 50.}|{:
{.set ini|ban-list={.no pipe|{.from table|#ini|ban-list.}%ip%#are you trying to break me? {.time.}|.}.}
:}/if.}

since i want you to be able to try this out, i will give you a work-in-progress version of next build
www.dovedove.it/hfs-ban.exe
« Last Edit: May 21, 2009, 10:43:57 PM by rejetto »


Offline Kremlin

  • Tireless poster
  • ****
    • Posts: 137
    • View Profile
So it will ban a person if he retries 50 times, but what about a time limit for those 50 tries? If it's 50 tries/hour it isn't that much, even worse if people use download accelerators which break the file into parts making multiple connections over let's say 5 minutes. I will give it a try tomorrow and thanks for the progress, meanwhile please clarify my questions.  :)


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
i don't understand what you desire.
the counter to reset after a while?


Offline Kremlin

  • Tireless poster
  • ****
    • Posts: 137
    • View Profile
Yes, because what makes the server crash is excessive number of connections in a very small period of time, ie 500 in 1 minute.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
ok, but consider that you should not fear only crash, but also bruteforce password discovering.


Offline funbird

  • Occasional poster
  • *
    • Posts: 8
    • View Profile
Hi,

I try this script also.
But after I unban an IP Address, the User has just one try to enter the right password befor he's back on ban list.

I think the couting var doesn't reset ?!


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
you are right.
so i suggest this new version, that will reset the counter, and will ignore unauthorized access that has no user/password entered.

Code: [Select]
[+unauthorized]
{.if|%user%|{:
{.set|n|{.from table|#tries|%ip%.}.}
{.inc|n.}
{.if|{.{.^n.} > 5.}|{:
{.set ini|{.no pipe|ban-list={.from table|#ini|ban-list.}%ip%#are you trying to break me? {.time.}|.}.}
{.set table|#tries|%ip%=0.}
:}|{:
{.set table|#tries|%ip%={.^n.}.}
:}/if.}
:}.}
« Last Edit: May 22, 2009, 10:00:21 AM by rejetto »


Offline funbird

  • Occasional poster
  • *
    • Posts: 8
    • View Profile
rejetto,

your new script doesn't work.
I entered a bad password/user login more than 20 times.

But I see the idea in your new script and changed the old one.
This one now works fine.

Code: [Select]
[+unauthorized]
{.set|n|{.from table|#tries|%ip%.}.}
{.inc|n.}
{.set table|#tries|%ip%={.^n.}.}
{.if|{.{.^n.} > 10.}|{:
{.set ini|ban-list={.no pipe|{.from table|#ini|ban-list.}%ip%#Contact Systemadministrator for unban {.time.}\p.}.}
{.set table|#tries|%ip%=0.}
:}/if.}


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile

Offline Kremlin

  • Tireless poster
  • ****
    • Posts: 137
    • View Profile
I'm sorry rejetto but I've haven't had time to work this out with college and all, I still appreciate the work  :). Glad to see that funbird managed to test it anyways.


Offline funbird

  • Occasional poster
  • *
    • Posts: 8
    • View Profile
Hi Guys

both versions are now working !

rejetto Verion: ignore unauthorized access that has no user/password entered
my verion: doensn't ignore unauthorized access that has no user/password entered

Kai